Gary Winiger wrote: >>Recently I was quite shocked when I looked in my .gaimrc >>file and found that it stored passwords in clear text. >> >>Then whilst reading the NWAM spec it mentioned that wifi >>passwords are also stored in clear text. >> >> > > I have sympathy with you. I suspect what you really want > is a tamperproof personal HW key store. >
If a solution is developed then it should be possible to choose to use a tamperproof personal HW key store instead of some less secure mechanism. And it should be possible to use this as a plugin(?) for mozilla/firefox so that all of the passwords that it saves for you can be put there too. > $HOME isn't that. > Certainly you should restrict the access to owner only > (600) and use Kerberized Secure NFS for $HOME. > I've never tried using Kerberized Secure NFS for $HOME. If it stops Gary su'ing to Darren and being able to read Darren's files as Darren on Gary's desktop, then that is something :) Last time I tried fancy things with NFS was with NIS+ and got burnt. > Also consider > making $HOME an encrypted file system. > > Are we likely to be allowed to make $HOME encrypted on jurassic any time soon ? :) But maybe that is a bridge too far because it impacts $HOME/public_html (or at least a redesign of how users interact with web serving.) If I could just make .mozilla or .gaimrc be protected, that'd be nicer, but I don't want to have to enter n passwords for n files. Darren
